• Startups
  • June 17, 2020

What do UK SMEs Understand about GDPR? 5 Surprising Stats from the LawBite GDPR Checklist

With all the hype around GDPR and 2017’s cyber-attacks (remember what happened to the NHS earlier this year?), individuals are far more aware and hot on their data rights than they ever were before. However, we’ve found that many SMEs are still not completely clear about what they need to do to ensure they’re comfortable and ultimately compliant. It’s not surprising really, a busy business owner doesn’t have the time or the energy to read through swaths of information (sometimes conflicting) on the internet, addressing what they need to be aware of and do.

That’s why we launched the LawBite GDPR Checklist towards the end of October ‘17 to get businesses thinking about areas in need of their attention. Since then, we’ve had almost 200 SMEs complete it. Of these, around 60% have 1 - 5 employees, 20% have 6 - 20 and the remaining 20% have 30+.

But what were some of the most interesting findings from their responses?

Here are the top 5 surprising stats we have compiled from our responses so far:

1. At a basic level, a third of respondents had no idea whether they were ‘data controllers’ or ‘data processors’. > This legal jargon may be puzzling, but it’s important to know what the difference is and which apply to your organisation. In essence, a data controller collects information and a data processor actually does something with it - so you could very well be both! You have different obligations under the GDPR for each.

2. A whopping 77% of respondents said they had no training programme in place for staff for data management and a further 13% said they weren't sure. > It is essential the people who work for you, particularly those who handle and process data (think marketing and sales teams!) know exactly what they’re doing with your customers’ information and that they’re aware of the new GDPR rules. Can you really trust your staff to read up about GDPR, understand what it all means for their work and to seamlessly get on with it?

3. We asked whether respondents knew what lawful basis they had for collecting and processing personal data. Disappointingly, under half - 41% - knew. > It’s a pretty fundamental question here, asking whether you absolutely know that your data collection and processing is lawful. As a business, you should understand the grounds you have for collecting and using people's personal information.

4. In terms of understanding the rights of data subjects under GDPR, it was another disappointing result with 77% of respondents admitting they didn't know, or simply weren't sure. > Part of understanding the law, is being able to know what your data subjects’ rights are over the information you hold about them. The GDPR has solidified and strengthened many rights people had under the Data Protection Act. For example, you might have heard about the right to erasure or ‘right to be forgotten’, where individuals can request their data be deleted if there is no compelling reason for you to keep it.

5. Finally, we asked about their systems that handle data and whether they were 'secure'. Promisingly, two-thirds thought they were (and worryingly a third thought they weren't!) At the same time when asked, only half said they knew what to do if worst came to worst and they actually had a data breach. > Your users need to be confident that when you collect their data, you’re storing it securely and if a breach were to ever happen, you have a considered response and that you’re complying with your obligations. We all know that the technological world is not always 100% reliable and with hackers becoming ever more sophisticated, GDPR now makes it very clear how important this is.

Are you surprised by the results? How do you think you’d fare? We’d hate for your business to get caught out or even for someone to lodge an official complaint to the Information Commissioner’s Office (ICO). Why not take our free LawBite GDPR Checklist today and see how you get on.

We also have a free and more comprehensive GDPR Audit document you can request and discuss with one of our lawyers by submitting an enquiry to our team here. - LawBite Marketing Team / Share this using #LawBiteGDPRChecklist 

Join the conversation in the comments below.

In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.

Related Articles

Read more of our latest blog posts, featuring all the latest legal news, analysis and opinion from our expert lawyers.

blog image
  • By LawBite Team
  • May 01, 2022
What are Articles of Association?

Setting up a limited company is one of the most common routes entrepreneurs take when they start their business. If you have decided to take this r...

blog image
  • By LawBite Team
  • May 01, 2022
Do I need a privacy policy on my website?

The short answer is yes, all businesses that process personal data must have a detailed privacy policy. In most cases, a privacy policy will sit on...

blog image
  • By LawBite Team
  • April 13, 2022
Understanding Conflict of Interest (COI)

One thing our lawyers consistently emphasise to our clients is the importance of having well-considered and expertly drafted documentation, for exa...


LawBite can help you

LawBite is on a mission to provide business legal advice that is easier to access, clearer to understand and much cheaper. Our on-line legal advice platform can quickly connect you with expert business legal advice. Our friendly, highly qualified business lawyers, solicitors and mediators will give you the guidance and reassurance that comes from customised legal advice for small and medium sized business.

Whether you are bringing or defending a legal claim, outsourcing work, want a business contract review to ward off disagreements, talk to an expert trademark lawyer, resolve a contractual dispute with methods like mediation and arbitration, or getting your new company set up and on the right footing with a robust shareholder agreement and GDPR standards, we can help you succeed.

defend a claim

Talk to a Lawyer

Book a Call
defend a claim

Essentials Plan

Join for Free